/** See https://api.slack.com/docs/oauth. */
  public HttpUrl authorizeUrl(String scopes, HttpUrl redirectUrl, ByteString state, String team) {
    HttpUrl.Builder builder = baseUrl.newBuilder("/oauth/authorize")
        .addQueryParameter("client_id", clientId)
        .addQueryParameter("scope", scopes)
        .addQueryParameter("redirect_uri", redirectUrl.toString())
        .addQueryParameter("state", state.base64());

    if (team != null) {

    # Save it for use later to prevent xsrf attacks

    state = str(uuid4())
    params = {"client_id": client_id,
              "response_type": "code",
              "state": state,
              "redirect_uri": callback_uri,
              "scope": "openid"}

    url = authorize_url + "?" + urllib.parse.urlencode(params)
    return url


@app.route('/oauth2/callback')
def callback():

./mc idp openid add myminio \
	config_url="http://localhost:5556/dex/.well-known/openid-configuration" \
	client_id="minio-client-app" \
	client_secret="minio-client-app-secret" \
	scopes="openid,groups,email,profile" \
	redirect_uri="http://127.0.0.1:10000/oauth_callback" \
	display_name="Login via dex1" \
	role_policy="consoleAdmin"

./mc admin service restart myminio --json
./mc ready myminio

			Optional:    true,
			Type:        "string",
		},
		config.HelpKV{
			Key:         RedirectURI,
			Description: `[DEPRECATED use env 'MINIO_BROWSER_REDIRECT_URL'] Configure custom redirect_uri for OpenID login flow callback` + defaultHelpPostfix(RedirectURI),
			Optional:    true,
			Type:        "string",
		},
		config.HelpKV{
			Key:         config.Comment,

	buf.WriteString(c.Endpoint.AuthURL)
	v := url.Values{
		"response_type": {"id_token"},
		"response_mode": {"form_post"},
		"client_id":     {c.ClientID},
	}
	if c.RedirectURL != "" {
		v.Set("redirect_uri", c.RedirectURL)
	}
	if len(c.Scopes) > 0 {
		v.Set("scope", strings.Join(c.Scopes, " "))
	}
	v.Set("state", state)
	v.Set("nonce", state)
	if strings.Contains(c.Endpoint.AuthURL, "?") {

        activityHelper.logout(userBean);
        final String redirectUrl = userBean.map(user -> ComponentUtil.getSsoManager().logout(user)).orElse(null);
        fessLoginAssist.logout();
        userInfoHelper.deleteUserCodeFromCookie(request);
        if (StringUtil.isNotBlank(redirectUrl)) {
            return HtmlResponse.fromRedirectPathAsIs(redirectUrl);
        }
        return redirect(LoginAction.class);
    }

		DisplayName:        getCfgVal(DisplayName),
		ClaimName:          getCfgVal(ClaimName),
		ClaimUserinfo:      getCfgVal(ClaimUserinfo) == config.EnableOn,
		ClaimPrefix:        getCfgVal(ClaimPrefix),
		RedirectURI:        getCfgVal(RedirectURI),
		RedirectURIDynamic: getCfgVal(RedirectURIDynamic) == config.EnableOn,
		ClientID:           getCfgVal(ClientID),
		ClientSecret:       getCfgVal(ClientSecret),
		RolePolicy:         getCfgVal(RolePolicy),

    synchronized (this) {
      listeners.put(state, listener);
    }

    return slackApi.authorizeUrl(scopes, redirectUrl(), state, team);
  }

  private ByteString randomToken() {
    byte[] bytes = new byte[16];
    secureRandom.nextBytes(bytes);
    return ByteString.of(bytes);
  }

  private HttpUrl redirectUrl() {
    return mockWebServer.url("/oauth/");
  }

  passwordConnector: local

# Instead of reading from an external storage, use this list of clients.
#
# If this option isn't chosen clients may be added through the gRPC API.
staticClients:
  - id: example-app
    redirectURIs:
      - 'http://localhost:8080/oauth2/callback'
    name: 'Example App'
    secret: ZXhhbXBsZS1hcHAtc2VjcmV0

connectors:
  - type: mockCallback
    id: mock
    name: Example

	}

	appParams := cmd.OpenIDClientAppParams{
		ClientID:     "minio-client-app",
		ClientSecret: "minio-client-app-secret",
		ProviderURL:  "http://127.0.0.1:5556/dex",
		RedirectURL:  "http://127.0.0.1:10000/oauth_callback",
	}

	oidcToken, err := cmd.MockOpenIDTestUserInteraction(ctx, appParams, "******@****.***", "dillon")
	if err != nil {
		log.Fatalf("Failed to generate OIDC token: %v", err)